Just over a year after it was initially discovered, Flashback is extinct. The death declaration comes from ESET, who has recently published a report on the malware, made famous by building the world’s largest Mac OS X-based botnet.
The Flashback family of malware infected more than 600,000 Mac users at the peak of its chaotic run. As mentioned in our April 2012 editorial on the malware itself, the total number of infected hosts had fallen sharply shortly after the first of the year. However, until last May, Flashback was still a creditable threat; it was just smaller than it used to be. SecurityWeek’s previous comprehensive coverage on Flashback can be seen in full here.
According to ESET, the operator of the Flashback command and control infrastructure abandoned it in May. When the final C&C server was closed, Flashback was dead in the water, and the number of infected hosts continues to fall. But those that remain infected are simply sitting, as the operators have not issued a new variant of Flashback in order to avoid detection, so as those systems are updated with anti-virus options, the malware is cleaned fully.
“Many questions remain about OSX/Flashback: who were its authors, how much money did they make while running the malware, and did they move on to a new operation we have yet to learn about?” pondered ESET’s Pierre-Marc Bureau.
There’s no answer, anyone’s best guess is as good as the next person’s assumptions. Unfortunately, the answers may never emerge. While they didn’t attempt to hide Flashback when it was discovered, the authors and operators remain ghosts.
ESET’s report on Flashback, including a thorough breakdown of the code and command functions, is available here.
Related: Everything You’ve Always Wanted to Know About Flashback